SAP issues update to correct critical ActiveX flaw

A critical error in SAP's graphical user interface could be exploited by an attacker to gain access to sensitive data and critical files.

SAP issued an update to correct an ActiveX flaw that plagues its graphical user interface (GUI). The flaw could be exploited by an attacker to gain access to sensitive data.

The SAP interface is used in the software vendor's enterprise resource planning applications.

The flaw was discovered by Carsten Eiram, a researcher with Danish vulnerability clearinghouse Secunia. In the Secunia advisory, Eiram said an error in the TabOne ActiveX control could be remotely exploited to cause a heap-based buffer overflow by adding multiple tabs. Secunia gave the flaw a highly critical rating.

"Successful exploitation may allow execution of arbitrary code," Secunia said.

SAP issued an update correcting the flaw. Version 7.10 sets the kill-bit for the ActiveX control.
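To confirm the kill-bit mentioned above is actually in place, the check below reads `reg export` text and reports whether the `Compatibility Flags` value for a control has bit `0x400` set in both the native and the `Wow6432Node` (32-bit on 64-bit Windows) registry views. It is an added example, not code from SAP or Secunia. The CLSID is a constructed placeholder because the article does not give the TabOne control's CLSID, and the export text is a constructed sample.

```python
import re

KILL_BIT = 0x00000400  # bit in the "Compatibility Flags" DWORD that blocks loading in IE
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(?P<wow>Wow6432Node\\)?Microsoft\\"
    r"Internet Explorer\\ActiveX Compatibility\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$', re.IGNORECASE)

# Constructed placeholder: the article does not give the TabOne control's CLSID.
PLACEHOLDER_CLSID = "{00000000-0000-0000-0000-000000000001}"

# Constructed sample of `reg export` text (not taken from a real system).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000000
"""

def kill_bit_status(reg_text, clsid):
    """Map each registry view that has a key for clsid to True if its kill bit is set."""
    status, view = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = KEY_RE.match(line)
            wanted = key and key.group("clsid").lower() == clsid.lower()
            view = ("wow6432" if key.group("wow") else "native") if wanted else None
            if view:
                status.setdefault(view, False)  # key exists; flag not seen yet
            continue
        value = VALUE_RE.match(line)
        if view and value:
            status[view] = bool(int(value.group(1), 16) & KILL_BIT)
    return status

def views_missing_kill_bit(reg_text, clsid, views=("native", "wow6432")):
    """Return the views where the key is absent or the kill bit is clear."""
    status = kill_bit_status(reg_text, clsid)
    return [v for v in views if not status.get(v, False)]

if __name__ == "__main__":
    print(kill_bit_status(SAMPLE_EXPORT, PLACEHOLDER_CLSID))
    print(views_missing_kill_bit(SAMPLE_EXPORT, PLACEHOLDER_CLSID))
```

In the constructed sample the native view is protected but the `Wow6432Node` view is not, which is the gap to look for on 64-bit hosts where 32-bit Internet Explorer is in use.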

The Walldorf, Germany-based software vendor has corrected a number of ActiveX flaws in the past. SAP issued an update to its GUI in November, correcting an ActiveX flaw that could crash Internet Explorer if an attacker passed malicious code.
